from the fun-discussion dept

We've written a few times about the attempt in Iceland to crowdsource a new Constitution. While that's had some political troubles, despite widespread public support, it seems others are taking note. The folks over at the London School of Economics recently decided it might be a fun thought experiment to see if it would be possible to crowdsource a Constitution for the UK. While many are aware of things like the Magna Carta, which in many ways laid the groundwork for the US Constitution, the UK today does not have a single written constitutional document -- meaning that there is no effective restriction on the UK Parliament's actions (as the US Constitution restricts Congress in the US).

There have been a number of online discussions about ideas for this crowdsourced Constitution on the site linked above, which are worth reading, but recently the LSE held an event to do some of the crowdsourcing live, which they then released as a podcast (on a sidenote: if you're interested in economics or world politics, I highly recommend the LSE podcast). The discussion is well worth listening to. They take a somewhat lighthearted approach to the whole thing, and it gets pretty amusing at a few points, but the discussion is still fascinating, as they debate concepts like whether or not the right to be treated equally belongs in a Constitution (and further, what does the statement even mean). There's also a spirited argument made for not having a Constitution at all (and a rebuttal for why a Constitution would be really helpful).

While it's unlikely that anything actually binding or important will come out of this process, it's somewhat fascinating even to think through the process of making a Constitution, and it's fun to see the LSE attempt to do the whole thing publicly.

from the well,-there's-that dept

The Washington Post is out with the latest revelations from the Snowden leaks and it shows that the NSA relies on foreign telcos and "allied" intelligence agencies to scoop up data on email contact lists and instant messaging buddy lists to help build its giant database of connections. Remember a few weeks ago how it was reported that the NSA was basically building a secret shadow social network? It seems like this might be one of the ways it's able to tell who your friends are.

There are a variety of important points here. First off, this information is not coming directly from the tech companies (which, again, suggests that earlier claims that the NSA had direct access to all their servers was mistaken). Rather they're picking this information up off the backbone connections in foreign countries. It also explains why they get so much data from Yahoo -- because, for no good reason at all, Yahoo hasn't forced encryption on its webmail users until... the news of this started to come out.

And here's the big problem: because all of this information is collected overseas, rather than at home, it's not subject to "oversight" (and I use that term loosely) by the FISA court or Congress. Those two only cover oversight for domestic intelligence. The fact that the NSA can scoop up all this data overseas is just a bonus.

Also, while the program is ostensibly targeted at "metadata" concerning connections between individuals, the fact that it collects "inboxes" and "buddy lists" appears to reveal content at times. With buddy lists, it can often collect content that was sent while one participant was offline (where a server holds the message until the recipient is back online), and with inboxes, they often display the beginning of messages, which the NSA collects.

Separately, because this is allowing them to gather so much data, it apparently overwhelmed the NSA's datacenters. At times, this is because they get inundated with... spam. For example, one of the documents revealed show that a target they had been following in Iran had his Yahoo email address hacked for spamming, and that presented a problem:

In fall 2011, according to an NSA presentation, the Yahoo account of an Iranian target was “hacked by an unknown actor,” who used it to send spam. The Iranian had “a number of Yahoo groups in his/her contact list, some with many hundreds or thousands of members.”

The cascading effects of repeated spam messages, compounded by the automatic addition of the Iranian’s contacts to other people’s address books, led to a massive spike in the volume of traffic collected by the Australian intelligence service on the NSA’s behalf.

After nine days of data-bombing, the Iranian’s contact book and contact books for several people within it were “emergency detasked.”

Because of this mess, the NSA has tried to stop collecting certain types of information, doing "emergency detasks" of certain collections. This, yet again, shows how ridiculous Keith Alexander's "collect it all" mantra is. When you collect it all, you get inundated with a ton of bogus data, and the information presented here seems to support that.

from the urls-we-dig-up dept

The field of education is looking ripe for disruption as "distance learning" becomes more and more practical with internet connections and algorithmic grading systems. There are still plenty of bugs to be worked out for digital education, but it's coming. (And famous dropouts from Steve Jobs to Mark Zuckerberg seem to suggest some flaws in the traditional university system.) Here are just a few links on how schools are changing and developing new kinds of classes.

from the good-looking-out dept

I suppose if you wanted to, you could make a big list of things that prove this world we live in leaves much to be desired. Flip on the news and you'll understand how government is broken. Ride public transportation in any major city and you'll lose faith in most of humanity by the time you reach your stop. But to really demonstrate that we live in a mean, dangerous world, I give you smart phone apps for war zones.

In Lebanon, for example, as sectarian violence spills across Syria's border, apps are being developed for avoiding riots, car bombs, and even snipers. The military created "LAF Shield," which allows them to highlight danger zones for users to avoid. Users in turn can swipe to issue an SOS or report suspicious activity to the army.

I mean, I get how this is obviously useful, but this is depressing. I don't want to picture myself rising for the morning coffee, heading for the door on my way to work, only to whip out my smart phone and check where the IEDs and snipers might be on my way to the bus. Still, it seems like a pretty interesting way to crowdsource keeping people safe. Assuming, of course, that the Lebanese military doesn't abuse the app for their own purposes, or turn it off at their whim.

And the goal of "Way to Safety," an app under development, is to be able to locate a gunman just using the smartphones in people's pockets. The app will record gunfire, identify the type of weapon being used and triangulate the exact location of the shooter, as long as several users are in the area.

Sort of sounds like Batman's illicit use of roughly all the phones in Dark Knight. And, like in that story, I worry about the abuse of governments using this. That said, so long as the phone manipulation can't be done surreptitiously, using the recordings as evidence to identify shooters could be helpful. Concurrently, you'd like to hope that these types of apps won't turn into the kind of sectarian or prejudicial "services" that the now semi-infamous Ghetto Tracker app did, but it seems like the potential for that very thing is quite high.

The point is that these war zone apps are as interesting as they are depressing. The fact that many of our fellow humans need an app to tell them how to avoid getting blown up or shot may be the reality, but I have to believe there are ways to utilize technology to bring people together, rather than keep them from dying apart.

from the or-someone-else? dept

Nick Davies at The Guardian has an interesting article challenging those (including some competing UK newspapers) who have been arguing that it's somehow inappropriate for journalists to make the decision about whether or not Snowden's leaked documents can be revealed without revealing sensitive information that puts lives in danger. We've seen similar claims elsewhere, including in our comments, where some insist that it's preposterous to think that anyone other than the intelligence community can know for certain whether or not the documents are sensitive. Davies, however, makes the strong case that the government has a long and sordid history of hiding behind these kinds of claims to disguise highly questionable activity -- and, instead, it's the power of the press that is necessary to keep them honest.

The official answer is that we should trust the security agencies themselves. Over the past 35 years, I've worked with a clutch of whistleblowers from those agencies, and they've all shared one underlying theme – that behind the screen of official secrecy, they had seen rules being bent and/or broken in a way which precisely suggested that the agencies should not be trusted. Cathy Massiter and Robin Robison, for example, described respectively MI5 and GCHQ pursuing politically motivated projects to spy on peace activists and trade unionists. Peter Wright told of MI5 illegally burgling its way across London "while pompous bowler-hatted civil servants in Whitehall pretended to look the other way". David Shayler exposed a plot both lawless and reckless by MI5 and MI6 to recruit al-Qaida supporters to assassinate Colonel Gaddafi.

All of this was known to their bosses. None of it should have been happening. But the agencies in whom we are invited to place our trust not only concealed it but without exception then attacked the whistleblowers who revealed it.

Davies also destroys the idea that politicians in charge of "oversight" can do an effective job:

Would we do better to trust the politicians who have oversight of the agencies? It's instructive to look back from our vantage point, post-Snowden, to consider what was happening only two years ago when the government attempted to introduce new legislation which came to be known as the snooper's charter. If the oversight politicians are as well-informed as they claim, they must have known that this was in part a cynical attempt to create retrospective legal cover for surveillance tools that were already secretly being used, but they said nothing. And when parliament refused to pass that law, clearly indicating that there was no democratic mandate for those tools, they still stayed silent.

Politicians fall easy victim to a political Stockholm syndrome which sees them abandon their role as representatives of the people in favour of becoming spokesmen for the spooks. It was there in the 1970s when the New Statesman bravely exposed security lapses and financial corruption in GCHQ, only to face a prosecution orchestrated by a Labour attorney general; there again with Jack Straw describing in his autobiography how MI5 had spied on him and his family since he was 15 but declaring that he was "neither surprised nor shocked – this was the world we lived in"; and there again, of course, in the foreign secretary William Hague's bland presumption that "if you have nothing to hide, you have nothing to fear" from the systems of mass surveillance exposed by Snowden.

These are all UK examples, of course. But we've seen the identical situation in the US as well. The over-classification problem in our government is well-documented and no one seems to want to fix it. Furthermore, stories of intelligence community abuses of power are well-known throughout US history. As for political oversight, the litany of stories we've had concerning Rep. Mike Rogers tells a different story altogether. He's supposedly in charge of oversight, but comes from an intelligence background and has shown, repeatedly that his focus is not on oversight, but on running cover to prevent real oversight of the intelligence community's actions.

Journalists may not be perfect, but they certainly have a much better track record than either governments or politicians in making these kinds of determinations.

the Directors of all the major Internet organizations -- ICANN, the Internet Engineering Task Force, the Internet Architecture Board, the World Wide Web Consortium, the Internet Society, all five of the regional Internet address registries -- turned their back on the US government. With striking unanimity, the organizations that actually develop and administer Internet standards and resources initiated a break with 3 decades of U.S. dominance of Internet governance.

Brazil, which has slammed massive US electronic spying on its territory, said on Wednesday it would host a global summit on internet governance in April.

President Dilma Rousseff made the announcement after conferring in Brasilia with Fadi Chehade, chief executive of the Internet Corporation for Assigned Names and Numbers (Icann).

"We have decided that Brazil will host in April 2014 an international summit of governments, industry, civil society and academia" to discuss Brazil's suggestions for upgrading Internet security, Rousseff said on Twitter.

Once again, we see the NSA's reckless disregard for the consequences of its global surveillance -- far beyond what could be regarded as reasonable or proportionate -- is now having massive adverse effects on America's standing and influence in the world. The Internet Governance Project post puts it well:

Make no mistake about it: this is important. It is the latest, and one of the most significant manifestations of the fallout from the Snowden revelations about NSA spying on the global Internet. It's one thing when the government of Brazil, a longtime antagonist regarding the US role in Internet governance, gets indignant and makes threats because of the revelations. And of course, the gloating of representatives of the International Telecommunication Union could be expected. But this is different. Brazil's state is now allied with the spokespersons for all of the organically evolved Internet institutions, the representatives of the very "multi-stakeholder model" the US purports to defend. You know you've made a big mistake, a life-changing mistake, when even your own children abandon you en masse.

And before anyone tries to blame this latest development on Snowden, let's be clear that the problem is not that this activity has been revealed, but that the NSA was doing it in the first place.

Less than a week after a Pennsylvania man posted a video showing a Lancaster cop refusing to take an accident report because the man insisted on his nephew recording the interaction, a story that was picked up by a national technology site as well as the local newspaper, another Lancaster police officer threatened to arrest the man on wiretapping charges, indicating a clear pattern of abuse of authority when it comes to the Constitutionally protected act of recording cops in public.

Fortunately, Paul Dejesus knew his rights and was not afraid to assert them, even after the cop gave up on the wiretapping threat and began threatening him with disorderly conduct, which is the usual catch-all charge for contempt of cop.

But Dejesus slapped that threat down by pointing out he was recording from his own yard.

"It is not illegal to film police in the course of their duties, as long as you are not interfering with them doing their job..."

City officers are instructed during ongoing in-service sessions that citizens are allowed to film them doing their jobs, Hickey says.

Case law has established that right, and officers should not inform a citizen otherwise, Hickey says.

"It's reasonable to expect, at any given time, anybody could be filmed," Hickey says. "There are traffic cameras, cameras at ATMs, even most of our patrol vehicles are equipped with dash cams.

"You are under surveillance no matter where you go."

Hickey's not lying about the surveillance. Lancaster is somewhat infamous for the number of surveillance cameras it has installed, which surpasses the number installed by many larger cities like San Francisco and Boston. Not only that, but the system is manned by volunteers including, at one point, someone who had been convicted of stalking, harassment and impersonating a public official.

The fact that everyone in Lancaster is "under surveillance" (from the mouth of the PD PR himself) means that the police, who "benefit" from this camera system, are the last people who should be granting themselves an "expectation of privacy" in order to wave off pesky citizens and their recording devices.

These cops backed off when the usual stuff didn't work, but there's obviously still a disconnect between the PD spokesman's calming statements and the actual attitude of the rank-and-file.

The issue? Malamud had purchased, formatted and posted Mississippi's Code of Law, Annotated. As with Georgia, the real issue seems to be in the question of whether or not the annotations themselves are covered by copyright, as they're often produced and sold by a private company (usually LexisNexis), but in coordination with the government. That's the case here, as the letter Malamud received from Mississippi's intellectual property counsel, Larry Schemmel, suggests. Schemmel goes to great lengths to point out that the unannotated code is "freely available," but that the "creative work" behind the annotations is covered by copyright, and thus should be taken off of Malamud's site.

However, as Malamud notes in his response letter (complete with a bunch of "exhibits"), the State of Mississippi makes it fairly clear that the annotated code is part of the law, and thus he argues it, too, should be freely accessible:

Exhibit K contains
the marketing literature provided by your vendor. As you can see, any citizen and certainly any lawyer would feel totally remiss in not using the the official annotated
version of the Code. The marketing literature stresses that:

Be sure that the law you read is the law indeed
Official isn’t just a word. It’s a process. The Mississippi Joint Legislative
Committee on Compilation, Revision and Publication of Legislation maintains
careful editorial control over the publication of the official code, from the
moment LexisNexis receives the acts to the ﬁnal galley proofs of the ﬁnished
product. Their strict supervision ensures that the published code and its
supplements contain no errors in content, conform carefully to the numbering
scheme, and publish in a timely manner.

Cite the code that’s guaranteed to be right
Because it’s official, you can rely on LexisNexis’ Mississippi Code of 1972
Annotated for the correct statement of the law ...

As you can see, it is very clear that the Code is the official statement of the law as
promulgated by the State. This is not some independent commercial endeavor, this is
an official process under the direction of the State.

I have attached as Exhibit L the same section earlier attached from Exhibit D, this one
being the annotated version. As you can see by comparing the two, the Annotated
Code includes important cross references, research references, and Editor’s Notes. The
Editor’s notes are not simply creative work, they are important materials. For example,
the note to § 1-1-11 is a reference to a statement adopted by the Joint Legislative
Committee on Compilation, Revision and Publication of Legislation. Statements such as
these are part and parcel of the law, statements of the codiﬁers that add important
information to the original statutes.

Malamud further challenges (in great detail) the argument that even the unannotated version is freely available, noting that LexisNexis throws up a giant pop-up before you can access it that requires you to agree to terms and conditions that are not at all reasonable for public domain information like official laws.

Those Terms and Conditions,
which are attached in Exhibit B, consists of an extensive license agreement spanning 5
pages of exceedingly technical language in ﬁne print.

Some of the highlights of the agreement include fairly draconian prohibitions against
efective use, including a prohibitions against the ability to “copy, modify, reproduce,
republish, distribute, display, or transmit for commercial, non-proﬁt or public
purposes all or any portion of this Web Site.”

He also notes that LexisNexis has made it impossible to share the information contained in even the unannotated law via a URL:

The user interface your vendor presents is full of links to various proprietary products,
but there is a little print icon, which presents a semi-clean version of the text, as
shown in Exhibit E. However, there is a huge ﬂaw in the user interface, in that the URL
that is presented does not allow a user to share what they are looking at with other
users. If you mail the URL to a friend, you don’t get the section of the Code, you get a
screen from your vendor hawking proprietary products as shown in Exhibit F.

He further notes that the site LexisNexis put together is "replete with HTML errors" as well as CSS errors, preventing modern browsers from being able to display it properly. Also (and this is potentially a big legal issue), the site does not comply with the accessbility requirements of the US Rehabilitation Act, which requires such information be made available to people with disabilities.

Malamud, in his Kickstarter update also highlights the incredibly detailed and painstaking process by which he sent this particular response to officials in Mississippi. This includes printing it all out and binding it very professionally, sending along a professional grade self-inking rubber stamp with the statement originally stated by Supreme Court Justice Stephen Breyer that "If a law isn't public, it isn't a law," and finally packing the whole thing up in a box with red, blue and white "crinkle-pak" in the design of the Mississippi flag. Here are just a few of the photos (more if you click on any of the images which will take you to the update):

This may seem like overkill (or just showing off your packing skills), but as Malamud explains, there's a very important reason to go to this level of detail:

You may wonder why all the hooptedoodle and fancy printing? We want to send a message that we're very serious about this and that posting the Mississippi Code was not a casual hack, but a deliberate and carefully considered decision to make the laws of the states available to citizens. I've been presenting these kinds of issues to governments for over 20 years, and I've learned that you have to show determination, and nothing shows determination like a professional-grade rubber stamp.

On that note, I'm heading out to get some professional-grade rubber stamps.

from the who-do-they-think-they're-kidding dept

There are times you just shake your head and wonder who the NSA top officials think they're kidding with their statements. Take, for example, some recent comments from the NSA's number two guy in charge, Chris Inglis, the Deputy Director, who gave an interview to the BBC where he tried to paint the NSA as not being quite as bad as everyone says, but admitted that there could be more transparency. That's all the usual stuff, but the following tidbit caught my eye:

The job of the NSA, Mr Inglis said, was to exploit networks to collect intelligence in cyberspace and to defend certain networks - but not carry out destructive acts.

"NSA had a responsibility from way back, from our earliest days, to both break codes and make codes," he said. "We have a responsibility to do intelligence in a space we once called the telecommunications arena - now cyberspace - and the responsibility to make codes or to defend signals communications of interest.

"That's different than what most people conceive as offence or attack in this space."

That task of destructive cyber attack, if ordered, lies with the US military's rapidly expanding Cyber Command.

Except, as we've noted more than a few times, US Cyber Command is the NSA. It's run by Keith Alexander, the director of the NSA, and it's housed in the same place as the NSA. For all intents and purposes, US Cyber Command is the NSA, and Alexander has no problem at all swapping hats depending on what's most convenient. He regularly tries to talk about "protecting the network" when it suits him, ignoring that the same efforts he's looking at (greater access to corporate networks) would also make it much easier for the NSA and US Cyber Command to launch offensive attacks -- which Snowden's leaks proved the NSA did hundreds of times.

Pretending the two are different, and that the NSA only focuses on "breaking codes and making codes" is yet another bogus claim from an NSA official, adding to a very long list.

from the because-he's-clueless dept

Late last week, an incredibly dishonest piece was published in The New Republic by Jack Goldsmith arguing not just that we "need" an "invasive NSA," but further, that we'll all come to love and appreciate the NSA snooping on all of our electronic communications (including snooping through the "contents" rather than just metadata). Why? Because of that old bogeyman "hackers"! We'll dig through the blatant cluelessness of the piece in a moment, but just to set the context, it's important to note that Goldsmith, back when he was a lawyer in the George W. Bush White House, wrote the memo that gave legal cover for Bush's warrantless wiretapping efforts. The legal argument was ridiculous: it was, more or less, "if the President does it, it's okay, because he's like powerful and stuff."

We conclude that in the circumstances of the current armed conflict with al Qaeda, the restrictions set out in FISA, as applied to targeted efforts to intercept the communications of the enemy in order to prevent further armed attacks on the United States, would be an unconstitutional infringement on the constitutionally assigned powers of the President. The President has inherent constitutional authority as Commander in Chief and sole organ for the nation in foreign affairs to conduct warrantless surveillance of enemy forces for intelligence purposes to detect and disrupt armed attacks on the United States. Congress does not have the power to restrict the President’s exercise of that authority.

Got that? It's not the 4th Amendment he was worried about infringing on, but rather the "assigned powers of the President," which he argued included ignoring the 4th Amendment's requirement for a warrant before wiretapping. Anyway, so that gives you some sense of the kind of person writing this defense of an intrusive NSA. He believes that if the President is doing it for a good reason (as, apparently, decided by the President), then it's perfectly legal, because separation of powers is another concept that can be ignored.

Okay, back to his present... screed. The key argument here seems to be to puff up cybersecurity FUD as much as possible to argue that it won't be long until we're all begging the NSA to spy on us to stop hackers from defacing websites. His big "example" of this is the recent hacking of the NY Times' website by the Syrian Electronic Army. That story got a bit of attention for about two days, and then fell off the map -- which is precisely why Goldsmith is wrong. For all the FUD NSA supporters and big defense contractors keep claiming over cybersecurity, they seem to be unable to get past the fact that when someone hacks a website and defaces it, while it may be a nuisance, no one dies. Yes, they like to talk up how many cybersecurity attacks there are going on these days, but they won't discuss the fact that in all of them exactly zero people have died.

The story of the NY Times hacking disappeared almost as quickly as it happened, because the consequences weren't particularly large or important. Yet, Goldsmith is arguing, effectively, that the NSA needs access to all networks in order to prevent the SEA from hacking the NYT again.

The U.S. government can fully monitor air, space, and sea for potential attacks from abroad. But it has limited access to the channels of cyber-attack and cyber-theft, because they are owned by private telecommunication firms, and because Congress strictly limits government access to private communications. “I can’t defend the country until I’m into all the networks,” General Alexander reportedly told senior government officials a few months ago.

For Alexander, being in the network means having government computers scan the content and metadata of Internet communications in the United States and store some of these communications for extended periods. Such access, he thinks, will give the government a fighting chance to find the needle of known malware in the haystack of communications so that it can block or degrade the attack or exploitation. It will also allow it to discern patterns of malicious activity in the swarm of communications, even when it doesn’t possess the malware’s signature. And it will better enable the government to trace back an attack’s trajectory so that it can discover the identity and geographical origin of the threat.

This makes two big assumptions -- one of which is false and the other of which is misleading. The first is that the NSA could or would actually successfully stop such a hack. This is false. Just like the NSA was unable to actually predict the Boston Marathon bombings, the idea that it could somehow catch a simple phishing trick is laughable. Goldsmith goes on at length about "malware" -- which he seems to grant mystical powers to -- but ignores that the reason the NYT's website got hacked was because of social engineering (via someone phishing an employee at a domain registrar), not malware. The NSA isn't going to catch that.

Secondly, there's the assumption that the NSA will actually "block or degrade the attack or exploitation." This appears to ignore pretty much everything that's come out about the NSA's activities lately, including its regular buying of exploits, placing backdoors in products and security standards, and its general focus on using such things offensively rather than defensively.

Goldsmith just keeps repeating these silly claims with ever grander claims over and over in the piece, as if he repeats it enough, perhaps someone will believe it. Frankly, Goldsmith comes off as an authoritarian-loving lawyer who is almost entirely technologically illiterate. He seems over-awed by the technology and thus insists that (1) the NSA needs to spy on everything to "protect" us and (2) that the government somehow will actually be the best party to protect insecure systems (totally ignoring the fact that the same government actively weakened those same technologies). For example, he goes back to the claim that some computer vandalism will make people open their arms to a spying NSA:

The first is that the cybersecurity threat is more pervasive and severe than the terrorism threat and is somewhat easier to see. If the Times’ website goes down a few more times and for longer periods, and if the next penetration of its computer systems causes large intellectual property losses or a compromise in its reporting, even the editorial page would rethink the proper balance of privacy and security. The point generalizes: As cyber-theft and cyber-attacks continue to spread (and they will), and especially when they result in a catastrophic disaster (like a banking compromise that destroys market confidence, or a successful attack on an electrical grid), the public will demand government action to remedy the problem and will adjust its tolerance for intrusive government measures.

Except, again, there's little indication that any such attack would shatter people's trust in the market. This seems to presuppose an incredibly stupid populace, not one that can process basic information like "this website was hacked, and it may be inconvenient, but we'll get over it." Ditto the bogeyman of "hacking the electric grid." The NSA has talked up this "electric grid" threat for years and it's bogus. Actual experts have (literally) called such claims "a bunch of hooey." And even if hackers could take down an electric grid for some period of time, we have at least some sense of what will happen, thanks to the Northeast blackout of 2003, which took down a massive section of power in the northeast and midwest. And this was soon after 9/11, so people were especially sensitive to threats of terrorism... and they didn't freak out or destroy society. They waited for things to get sorted out, and people moved on with life. No biggie.

So the whole claim that "the cybersecurity threat is more pervasive and severe than the terrorism threat" is ridiculous.

Goldsmith may want to support his beloved surveillance state, which he personally helped expand a decade ago, but fear mongering is no way to make a compelling argument -- especially when it appears so clueless about the basics of technology and the threats out there.

It's led us to a point in our relationship with the government, where we have an executive -- a Department of Justice -- that's unwilling to prosecute high officials who lied to Congress and the country on camera, but they'll stop at nothing to persecute someone who told them the truth. And that's a fundamentally dangerous thing to democracy.

That encapsulates so much of what the problem is with everything that's happened in the past few months. It's a point well worth repeating. The other video I really liked was the one where Snowden talked about the problem of secret laws and secret programs and the idea that the government is supposed to be in power with the consent of the governed, but how that's impossible without oversight.

The key statement:

This is not about any particular program. This is about a trend in the relationship between the governing and the governed in Amercia, that is coming increasingly into conflict with what we expect as a free and democratic society. If we can't understand the policies and programs of our government, we cannot grant our consent in regulating them....

Snowden has mostly stayed hidden away from the public eye since all of this began. He's turned down basically all interview requests, so there's been very little shown of him actually speaking, other than the initial video he recorded with Laura Poitras and Glenn Greenwald. Once again, these videos show someone who appears to have thought deeply about what he is doing and why he did it.

from the shameful dept

There had been some buzz a while back when Digital Music News published an entire iTunes Radio contract, which was targeted at smaller indie labels, showing how Apple got to throw its weight around, presenting terms that were very much in Apple's favor over the labels if they wanted to participate in iTunes Radio. However, while it took a few months, Apple's lawyers finally spotted this and they have apparently made a copyright claim to get the contract taken down. I wonder how the small group of indie musicians who always fight for stronger copyrights feel about Apple using copyright to take down rather important information that they should know concerning the sort of deal Apple offers them....

While this may be possibly legal under the law, it demonstrates how the law can be used in ways that really have absolutely nothing to do with copyright's purpose. Apple didn't need copyright's incentives to create this contract. There is no market for the contract itself. The purpose in flexing the copyright claim here is one thing and one thing only: censorship. As law professor Eric Goldman explained:

"It's not out of legal bounds to do this. It's just kind of a jerk move. We all know what's happening here. Apple doesn't care about protecting the copyright of contracts. It's using copyright to try and suppress information that it doesn't want made public."

That said, I question whether or not this really is a legit takedown. While Apple can claim a copyright on the contract, it seems that DMN has a really strong fair use claim. The purpose was for reporting (a key purpose that supports fair use). The publication was in the public interest. The type of work is a "contract" for which copyright tends to mean very little. Finally, there's no "market" for the contract itself, and thus the impact on the market or the value of the copyright in the item is nothing. The only factor that weighs against it is the fact that the entire contract was used -- but as we've pointed out many times in the past, plenty of cases have been deemed fair use where the "entire work" has been used. This seems like a perfectly strong fair use case, though it might not be worth the legal cost to fight Apple over this, given the company's historical willingness to go absolutely bonkers against publications it doesn't like.

from the moving-on dept

One of the oddities of the whole Ed Snowden affair has been all the talk of how some people are absolutely positive that officials in both China and Russia have copies of all the documents he had. One thing that's often brought up is the fact that he traveled with four laptops -- with the assumption being that the documents are somehow stored on those laptops, and it's likely that government officials in those two countries were able to get access to those laptops and thus get the documents. Except, as some pointed out early on, that doesn't make much sense. Why would you need four laptops to carry a bunch of documents? Documents can be quite small and you don't need extra laptops if you run out of room. Furthermore, as reporter Barton Gellman has explained, Snowden's expertise is in keeping stuff like that secret, and it seemed quite unlikely that he had the documents on those laptops -- which is also why he was able to state that there was no actual way for officials in those countries to get the data from him.

There's now more support for this claim, as Ray McGovern, a former CIA analyst, who was among a small group of high profile whistleblowers from the US intelligence community who traveled to Russia to meet with Snowden last week, has explained that the laptops were nothing more than "a diversion."

The four laptop computers that former U.S. spy contractor Edward Snowden carried with him to Hong Kong and Moscow were a "diversion" and contained no secrets, according to an ex-CIA official who met with Snowden in Russia this week.

The classified documents that Snowden had downloaded from the U.S. National Security Agency were stored on smaller devices, such as hard drives and thumb drives, and they have not been turned over to the Russian or Chinese authorities, said Ray McGovern, a former Central Intelligence Agency analyst.

Of course, some will point out that the Russians and the Chinese could also get those hard drives and thumb drives, but from everything that's been stated, it seems fairly clear that Snowden doesn't have them any more himself, either. Either way, it would appear that a lot of people jumped to conclusions that have yet to be supported by any actual evidence.

from the people-are-going-to-die dept

Keith Alexander just can't resist playing the "fear card" when it comes to the Snowden leaks. His latest move is to insist people will die:

Terrorists “listen, they see what has come out in the press and they adjust,” Gen. Alexander said. He said the damage from the leaks is irreversible. “I believe people will die because we won’t be able to stop some of those threats.”

Let's face facts: the NSA cannot and will not stop all attacks. It totally missed the Boston Marathon bombing, for example, even if (ridiculously) it now likes to cite that as one of its "successes" because it was able to make sure that other attacks weren't likely to follow. Yes, people will die from terrorist attacks. That's what happens. The NSA is never going to be 100% successful in stopping attacks. That's the nature of the game. In fact, it's not clear that the NSA has a particularly good track record at stopping attacks at all. But, going further, just because there are some threats, it doesn't mean we throw the 4th Amendment out the window the way Alexander apparently would like.

As I've said before, I'm sure law enforcement would be able to stop lots of crimes -- and potentially some people getting killed -- if it was just able to put a video camera and microphone everywhere. But we don't allow that, because the tradeoff in terms of a violation of our privacy is too great.

Furthermore, that bullshit line about terrorists "adjusting" based on what they read in the press? That might (though, not really) have some weight if others in the intelligence community hadn't already noted that terrorists already know all of this and avoided using these systems, and the fact that the NSA hasn't been able to actually show how any of these programs were essential in stopping a terrorist attack on the US.

Having followed pretty closely what the Snowden docs have revealed, it's not at all clear how any of it would actually make it more difficult for the NSA to do its job. It basically revealed that they're tapping a bunch of things that most people realized weren't particularly secure in the first place.

For all the talk of having a "serious debate" on these issues, it would help a lot of Keith Alexander and James Clapper dropped the whole "you're all going to die" charade. No one's buying it.